1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks

Research Article

Short Paper: Dynamic Risk Mitigation for 'Self-defending' Network Security

  • @INPROCEEDINGS{10.1109/SECURECOMM.2005.35,
        author={N. Bambos},
        title={Short Paper: Dynamic Risk Mitigation for 'Self-defending' Network Security},
        proceedings={1st International ICST Conference on Security and Privacy for Emerging Areas in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2006},
        month={3},
        keywords={},
        doi={10.1109/SECURECOMM.2005.35}
    }
    
  • N. Bambos
    Year: 2006
    Short Paper: Dynamic Risk Mitigation for 'Self-defending' Network Security
    SECURECOMM
    IEEE
    DOI: 10.1109/SECURECOMM.2005.35
N. Bambos1
  • 1: Stanford University

Abstract

We introduce a novel probabilistic modeling framework, which captures key performance tradeoffs arising in information network security. Given a set of resources available to protect and defend a network, how should those be dynamically configured to maximize the protection level? Different resource configurations enable various network defense modes. Besides the capital and operational costs of the resources, there are also ‘invasiveness’ costs associated with stresses that network users experience due to protection measures. How should these costs be balanced and how should the network dynamically configure its protection resources to efficiently defend itself? Taking a risk management point of view, we develop a parsimonious flexible model, capturing the above issues in a unified manner. The model enables the formulation of key optimization schemes for dynamically controlling the network defense modes via on-line algorithms. It provides a systematic design framework for ‘self-defending’ networks that can autonomously maintain their integrity in the presence of changing adverse conditions.